1. Field of the Invention
The present invention relates to a network communication device including an encryption communication function such as IPsec.
2. Description of the Related Art
There is a technology referred to as IPsec (Internet Protocol security), which is a specification for performing communications safely via the Internet. IPsec is specified by several RFCs, primarily RFC (Request for Comments) 4301.
A brief description of IPsec is given below.
The following functions can be realized with IPsec.
Access control: A connection is authorized or refused based on the address, etc., of the connection source.
Integrity of communication data: It is ensured that the communication data are not falsified along the communication path.
Confidentiality of communication contents: The communication data are encrypted, so that even if they are intercepted along the communication path, it will not be easy to recover the communication contents.
To realize the above functions, IPsec combines several technologies.
IPsec employs security protocols referred to as AH (Authentication Header) and ESP (Encapsulating Security Payload). AH is used for authentication (assurance of integrity) and ESP is used for encryption (realization of confidentiality of data). AH is specified by RFC 4302 and ESP is specified by RFC 4303. AH and ESP each have two modes: transport mode and tunnel mode. In transport mode, the security protocol is applied to the payload portion of the IP packet. In tunnel mode, it is applied to the entire IP packet.
With IPsec, a parameter set referred to as SA (Security Association) is used for managing keys and encryption algorithms. A database for managing SA is referred to as SAD (Security Association Database). Parameters of SA include an identifier for two points between which communication is to be established, SPI (Security Parameter Index), the type of security protocol, the encryption algorithm and its key, the duration of SA, a value of IV (Initialization Vector) used for the encryption algorithm, and a counter. The SA has a direction, and therefore two SAs are required for performing bidirectional communication.
A security policy generally refers to an action guideline indicating “how” to protect “what” from “whom”. The SP (security policy) in IPsec indicates whether to apply IPsec to a particular kind of IP packet. Parameters of an SP include an IP layer protocol number, an IP address, a network address, a transport layer protocol, a port number, and an identifier of the user. A database for managing SPs is referred to as the SPD (Security Policy Database).
IPsec is used in various network communication devices, including image forming apparatuses such as MFPs (Multi Function Printers) (see, for example, Patent Document 1).
Patent Document 1: Japanese Laid-Open Patent Application No. 2006-20266
In order to perform IPsec communication, the user (administrator or general user) is required to make complex settings. If there is a mistake (an incorrect portion) in the settings, it will not be possible to communicate using the same IP address again until IPsec communication is cancelled. For this reason, if the IPsec communication settings were made from a remote location, the user may have to go to the site where the target device is installed in order to cancel IPsec communication.
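The SPD lookup described above, and the lockout that a settings mistake produces, as an added illustration that is not part of the patent text. The SPD entries, the addresses, and the rule that a PROTECT entry whose SA never came up ends in a drop are constructed assumptions, not behaviour the patent specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SA:                       # subset of the SA parameters listed above
    spi: int
    protocol: str               # "AH" or "ESP"
    mode: str                   # "transport" or "tunnel"
    algorithm: str

@dataclass
class SP:                       # one SPD entry: selectors plus an action
    remote_net: str             # remote address or network (selector)
    ip_proto: Optional[int]     # transport protocol number, None = any
    port: Optional[int]         # port number, None = any
    action: str                 # "PROTECT", "BYPASS" or "DISCARD"
    sa: Optional[SA] = None     # SA bound to the entry when action is PROTECT

def matches(sp: SP, addr: str, ip_proto: int, port: int) -> bool:
    return (ipaddress.ip_address(addr) in ipaddress.ip_network(sp.remote_net)
            and sp.ip_proto in (None, ip_proto)
            and sp.port in (None, port))

def decision(spd: List[SP], addr: str, ip_proto: int, port: int) -> str:
    """Ordered SPD lookup: first matching entry wins; no match means DISCARD.
    Assumption: a PROTECT entry with no established SA also ends in DISCARD,
    standing in for an SA negotiation that fails because one side is misconfigured."""
    for sp in spd:
        if matches(sp, addr, ip_proto, port):
            if sp.action == "PROTECT" and sp.sa is None:
                return "DISCARD"
            return sp.action
    return "DISCARD"

PRINT_SA = SA(spi=0x1001, protocol="ESP", mode="transport", algorithm="AES-CBC")

def correct_spd() -> List[SP]:
    # Constructed policy: protect print traffic from the office network,
    # but let remote administration (HTTPS from 192.0.2.0/24) through in the clear.
    return [SP("192.0.2.0/24", 6, 443, "BYPASS"),
            SP("198.51.100.0/24", 6, 9100, "PROTECT", PRINT_SA),
            SP("0.0.0.0/0", None, None, "DISCARD")]

def mistaken_spd() -> List[SP]:
    # Same intent, but the BYPASS entry was forgotten and the PROTECT entry
    # covers every address with an SA that never came up: the administrator's
    # own HTTPS session to the device is now discarded as well.
    return [SP("0.0.0.0/0", None, None, "PROTECT", None)]
```

Running `decision(mistaken_spd(), "192.0.2.10", 6, 443)` returns DISCARD for the administrator's own traffic, which is why the correction has to be made locally once the remote path is gone.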